PwnedList, an online service that allows subscribers to monitor whether their credentials have been leaked in data breaches, said on Thursday that its decision to shut down has nothing to do with a serious vulnerability that exposed its collection of 866 million compromised credentials. “The site was scheduled for decommission a while back. Due to...

A new vulnerability has been discovered in Lenovo’s much-maligned Lenovo Solution Center (LSC) software. The vulnerability allows attackers with local network access to a PC to execute arbitrary code, said researchers at Trustwave SpiderLabs. The flaw allows an attacker to elevate privileges and is tied to the LSC application’s backend. It opens the door for a malicious attacker...

It’s rare a week goes by now without a new strain of ransomware making headlines. Researchers described one of the latest earlier this week, a relatively affordable ransomware-as-a-service named AlphaLocker. One of the main selling points to AlphaLocker is how cheap it is; the ransomware can be purchased directly from the author for as little...

For online casinos, business begins to peak as gamblers punch out of work and belly-up to virtual blackjack tables. But on this Tuesday in February at 5p.m., the odds were not in the house’s favor. That’s when this virtual casino—with tens of millions of dollars in virtual transaction data, thousands of user profiles and millions...

A five-year-old Android vulnerability disclosed today affects hundreds of different device models going back to Jelly Bean 4.3. Older devices are at the greatest risk; newer devices running Android with SE Android, the OS’ implementation of Security Enhanced Linux, are at a lesser risk. The vulnerability allows attackers to escalate privileges on a device, leading...

Cisco Systems said it has patched a critical flaw tied to its TelePresence hardware that allowed unauthorized third-parties to access the system via an API bug. The networking behemoth also alerted customers to a duo of denial of service attack vulnerabilities that represent a high risk for its FirePOWER firewall hardware. The United States Computer Emergency Readiness...

Apple has updated its Xcode development environment, patching two vulnerabilities in its implementation of git. Git is a version control system, and in March its handlers patched two flaws that exposed the software to remote code execution. The new version of Xcode, 7.3.1, is available for El Capitain v 10.11 and later. Apple said it...

Cybercriminals accessed a W-2 portal maintained by payroll company ADP recently to glean sensitive information about employees at a handful of companies. The company is stressing that the company itself wasn’t hacked, but that it appears identity thieves may have been able to create ADP accounts in the names of victims using previously leaked personally...

Within hours of the disclosure of serious vulnerabilities in ImageMagick, public exploits were available increasing the risk to thousands of websites that make use of the open source image-processing software. Attackers can append malicious code to an image file that ImageMagick will process without question, leading to, in the case of one of the vulnerabilities,...

A 10-year-old boy from Finland earned $10,000 after discovering an API bug that allowed him to erase Instagram comments from any account. Facebook confirmed to Threatpost the boy, who goes by the name “Jani”, discovered the bug in late February and received the payout in early March from Facebook’s Bug Bounty program. Actually, it was...